Cyber chaos keeps spreading worldwide

In China, 18,000 IP addresses attacked, and universities among the hardest hit

TOKYO - Global cyber chaos was spreading on Monday as companies booted up computers at work following the weekend's worldwide ransomware cyberattack.

The extortion scheme created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as "WannaCry", paralyzed computers running the United Kingdom's hospital network, Germany's national railway and scores of other companies and government agencies around the world.

As a loose global network of cybersecurity experts fought the ransomware hackers, Chinese media said 29,372 institutions had been infected along with hundreds of thousands of devices.

The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.

Government agencies said they were unaffected. Companies such as Hitachi and Nissan Motor reported problems they said had not seriously affected their business operations.

In China, about 18,000 IP addresses in China have been confirmed as infected with the "WannaCry" ransomware. Universities and other educational institutions were among the hardest hit, Xinhua reported.

That may be because schools tend to have old computers and be slow about updates of operating systems and security, said Fang Xingdong, founder of ChinaLabs, an internet strategy think tank.

Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services also were affected, Xinhua said, citing Qihoo 360, a Chinese internet security services company.

But the spread of the ransomware is ongoing, but is slowing down, the Cyberspace Administration of China said in a statement.

Elsewhere in Asia, officials in Japan and the Republic of Korea said they believed security updates had helped ward off the worst of the impact.

The most public damage in the ROK was to cinema chain CJ CGV Co. It was restoring its advertising servers at dozens of theaters after the attack left the company unable to display trailers of upcoming movies.

The attack was disrupting computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others. Russia's Interior Ministry and companies including Spain's Telefonica, FedEx in the United States and French carmaker Renault all reported troubles.

Experts were urging organizations and companies to immediately update older Microsoft operating systems, such as Windows XP, with a patch released by Microsoft to limit vulnerability to a more powerful version of the malware or to future versions that can't be stopped.

Paying the ransom will not ensure any fix, said Eiichi Moriya, a cybersecurity expert and professor at Meiji University.

"You are dealing with a criminal," he said. "It's like after a robber enters your home. You can change the locks but what has happened cannot be undone. If someone kidnaps your child, you may pay your ransom but there is no guarantee your child will return."

Xinhua-AP-AFP-Reuters